s3: Fix an uninitialized variable read

Found by Laurent Gaffie <laurent.gaffie@gmail.com>

Thanks for that,

Volker

Fix bug #7254 (An uninitialized variable read could cause an smbd crash).
(cherry picked from commit 9280051bfba337458722fb157f3082f93cbd9f2b)

diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c
index 1529166d436bb9b5002ee715826ddb8269f2673e..68cb8d3a267a9d8c6cb31e54624fdc85a5c1ac45 100644 (file)
--- a/source3/smbd/sesssetup.c
+++ b/source3/smbd/sesssetup.c
@@ -1213,7 +1213,7 @@ static void reply_sesssetup_and_X_spnego(struct smb_request *req)
        file_save("negotiate.dat", blob1.data, blob1.length);
 #endif
 
-       p2 = (char *)req->buf + data_blob_len;
+       p2 = (char *)req->buf + blob1.length;
 
        p2 += srvstr_pull_req_talloc(talloc_tos(), req, &tmp, p2,
                                     STR_TERMINATE);